Rule Set Based Access Control

Rule Set Based Access Control (RSBAC) is a Free Software security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula and provides a flexible system of access control based on several modules. All security-relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.

Recent releases

Release Notes: This release is for Linux kernel 2.6.29.2. A significant speedup and even better SMP scalability are expected from the new RCU-based list locking. The most important changes since 1.3.5 are the addition of VUM (Virtual User Management) support, OTP support for UM, support of ANY for NETLINK control, checking of CLOSE requests in RC, the addition of SCD target videomem and kernel attribute pagenr, ext4 secure delete support, and many small bugfixes. Generic lists were changed to use RCU instead of rw spinlocks.

Release Notes: This release works both for Linux kernel version 2.4.36 and version 2.6.23.15. It now supports secure delete on XFS and JFS, and the new kernel parameter rsbac_list_recover allows you to register lists even if reading from disk fails. Minor feature enhancements and bugfixes were made.

Release Notes: This version includes all the bugfixes from version 1.3.6, as well as the new virtual user management feature. This feature lets you have many virtual user sets in your system. As an example, you can start your mail server in a different set, and the users you receive mail for will not be any of the system users. Likewise, your jails can be started in a different set so that the users in that jail will never be the same ones as the real system users.

Release Notes: This release is for kernels 2.4.34.5 and 2.6.22.1. It contains important fixes for some compilation errors and for an important bug in User Management password hashing, introduced with the newer 2.6 kernel crypto API. Safety measures against null pointers have also been added.